HTTP Status 403 - Access to the requested resource has been denied (CSS blocked?)

Anonymous (unverified), submitted 2019-12-03 07:50:05

Question:

I have been trying to secure my project. I have a log in page that authenticates with an LDAP server and if not right it pulls up an error page etc. I have now just added

<auth-constraint> <!-- Currently causing a 403, looks like stopping .css files -->
    <role-name>*</role-name>
</auth-constraint>

to my web.xml, to make sure the users are authenticated before they can view any page, however it seems to be blocking my .css file, I think, as now the log in page does not display any css at all, and is just white basic, and when I press submit I get:

with this error:

HTTP Status 403 - Access to the requested resource has been denied


type Status report

message Access to the requested resource has been denied

description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.


GlassFish Server Open Source Edition 3.1.2.2

This is my web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
         http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <filter>
        <filter-name>Upload Filter</filter-name>
        <filter-class>richard.fileupload.UploadFilter</filter-class>
        <init-param>
            <param-name>sizeThreshold</param-name>
            <param-value>1024</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>Upload Filter</filter-name>
        <url-pattern>/upload/*</url-pattern>
    </filter-mapping>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.xhtml</url-pattern>
    </servlet-mapping>
    <welcome-file-list>
        <welcome-file>index.xhtml</welcome-file>
    </welcome-file-list>
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>
    <context-param>
        <param-name>facelets.LIBRARIES</param-name>
        <param-value>/WEB-INF/corejsf.taglib.xml</param-value>
    </context-param>
    <context-param>
        <param-name>javax.faces.INTERPRET_EMPTY_STRING_SUBMITTED_VALUES_AS_NULL</param-name>
        <param-value>true</param-value>
    </context-param>

    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>LDAP</realm-name>
        <form-login-config>
            <form-login-page>/login.xhtml</form-login-page>
            <form-error-page>/login-failed.xhtml</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <role-name>user</role-name>
    </security-role>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Allowed resources</web-resource-name>
            <url-pattern>/javax.faces.resources/*</url-pattern>
        </web-resource-collection>

        <!-- web resources that are protected -->
        <web-resource-collection>
            <web-resource-name>All Resources</web-resource-name>
            <url-pattern>/*</url-pattern>
            <!-- this is currently causing a 404 -->
            <http-method>GETLIB</http-method>
            <http-method>COPY</http-method>
            <http-method>MOVE</http-method>
            <http-method>DELETE</http-method>
            <http-method>PROPFIND</http-method>
            <http-method>GET</http-method>
            <http-method>HEAD</http-method>
            <http-method>PUT</http-method>
            <http-method>MKCOL</http-method>
            <http-method>PROPPATCH</http-method>
            <http-method>LOCK</http-method>
            <http-method>UNLOCK</http-method>
            <http-method>VERSION-CONTROL</http-method>
            <http-method>CHECKIN</http-method>
            <http-method>CHECKOUT</http-method>
            <http-method>UNCHECKOUT</http-method>
            <http-method>REPORT</http-method>
            <http-method>UPDATE</http-method>
            <http-method>CANCELUPLOAD</http-method>
        </web-resource-collection>
        <auth-constraint> <!-- Currently causing a 403, looks like stopping .css files -->
            <role-name>*</role-name>
        </auth-constraint>
    </security-constraint>
</web-app>

Basically, what is stopping my css file and how can I allow it?

Answer 1:

Your security constraint is also blocking requests on CSS files (basically, it is blocking everything which matches the specified URL pattern of /* except for the specified login page). You need to add another security constraint which should allow requests on JSF resources. The key is to omit the auth constraint to make those resources accessible by everyone.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Allowed resources</web-resource-name>
        <url-pattern>/javax.faces.resource/*</url-pattern>
    </web-resource-collection>
    <!-- No Auth Constraint! -->
</security-constraint>
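An added example, not part of the original question or answer: a small Python model of how a servlet container selects security constraints (best-matching url-pattern first, then the http-method list), run against abbreviated, constructed versions of the two configurations above. The function names `load_rules`, `rank` and `decide` are hypothetical, and the model goes slightly beyond the answer by also reporting methods that no constraint covers.

```python
import xml.etree.ElementTree as ET

NS = "{http://java.sun.com/xml/ns/javaee}"  # namespace of the page's web.xml

def load_rules(web_xml):
    """One (url-pattern, methods-or-None, roles-or-None) tuple per url-pattern."""
    rules = []
    for sc in ET.fromstring(web_xml).iter(NS + "security-constraint"):
        auth = sc.find(NS + "auth-constraint")
        roles = None if auth is None else {r.text.strip() for r in auth.iter(NS + "role-name")}
        for wrc in sc.iter(NS + "web-resource-collection"):
            methods = {m.text.strip() for m in wrc.iter(NS + "http-method")} or None
            rules += [(p.text.strip(), methods, roles) for p in wrc.iter(NS + "url-pattern")]
    return rules

def rank(pattern, path):
    """Servlet matching order: exact, then longest path prefix, then extension."""
    if pattern == path:
        return (3, len(pattern))
    if pattern.endswith("/*") and (path + "/").startswith(pattern[:-1]):
        return (2, len(pattern))
    if pattern.startswith("*.") and path.endswith(pattern[1:]):
        return (1, 0)
    return (0, 0) if pattern == "/" else None

def decide(rules, method, path):
    hits = [(rank(p, path), m, r) for p, m, r in rules if rank(p, path) is not None]
    best = max((h[0] for h in hits), default=None)
    roles = [r for rk, m, r in hits if rk == best and (m is None or method in m)]
    if not roles:
        return "unconstrained"  # nothing covers this method and path: request accepted
    if any(r is not None and not r for r in roles):
        return "denied"  # an auth-constraint with no roles wins
    return "public" if any(r is None for r in roles) else "login required"

# Constructed, abbreviated stand-ins for the two configurations on this page.
DOC = '<web-app xmlns="http://java.sun.com/xml/ns/javaee"><security-constraint>%s</security-constraint></web-app>'
JSF = "<web-resource-collection><url-pattern>%s</url-pattern></web-resource-collection>"
ALL = ("<web-resource-collection><url-pattern>/*</url-pattern>"
       "<http-method>GET</http-method><http-method>HEAD</http-method>"
       "</web-resource-collection><auth-constraint><role-name>*</role-name></auth-constraint>")
QUESTION = DOC % (JSF % "/javax.faces.resources/*" + ALL)
ANSWER = DOC % (JSF % "/javax.faces.resource/*" + "</security-constraint><security-constraint>" + ALL)

if __name__ == "__main__":
    for name, doc in (("question", QUESTION), ("answer", ANSWER)):
        for req in (("GET", "/javax.faces.resource/style.css"), ("POST", "/index.xhtml")):
            print(name, *req, "->", decide(load_rules(doc), *req))
```

The `unconstrained` result for POST shows that a constraint which lists http-method elements applies only to the listed methods; omitting the list makes the constraint apply to every method.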

